CryptoSmarts 4: The Best Free Password Managers

In this article, we’ll take a deep dive into password managers: which applications to go for, how to optimize your password manager and which ones to avoid. It’s of increasing importance for all users to adopt a password manager because commonly used passwords and repeated use of the same log-in and password combination are the two weakest points in any normal individual’s security online. Meanwhile, memorizing dozens of unique and complex passwords is beyond what most people can do, especially long term. Password managers were created as a way to store multiple passwords in a single file that can help ensure your security and privacy online.

For a little encouragement, we’ll share the now extremely famous dialogue between Edward Snowden and John Oliver talking about passwords. As should be painfully obvious by now, password managers are one of the best solutions to this entire dilemma.

Password Manager Basics

A useful side effect of insisting on open-source software for your password manager is that it will, by definition, also be free at the most basic level. If it weren’t, all it would take is for someone to fork the program and make it free. So you are in a sense getting the best of both worlds here: free software that is also of the highest quality. Meanwhile, ironically, many of the more commonly known password managers like Dashlane or LastPass use closed-source software and often charge fees to use their service. Funnily enough, LastPass, itself a password manager, has been hacked in the past. One could argue this had to do, at least in part, with its closed-source software, since being open source at least in part makes software more secure. In short, do not use these closed-source services that are frequently advertised on the web, as they are detrimental to you in more ways than one.

Recommended Best Password Managers

Next up we have KeePassXC, which is a fork of one of the longest-standing password managers in existence, formerly known as KeePass, which halted a lot of its ongoing development some time ago. KeePassXC was created as a locally held password manager application that could work across platforms. Unlike Bitwarden, where your key file is held in cloud storage, KeePassXC is simply a program client and a local file that you must maintain and back up yourself. This has some pros and cons. The good news is that you have full control of everything related to KeePassXC, as the program under most situations will not be talking to any online server which could expose private or sensitive information. The bad news is that if you ever were to lose control of your key file, you are completely out of luck. For this reason, it’s imperative to back up your encrypted key file in multiple locations to protect against what would be a catastrophic loss. You can do this with USB drives, e-mail accounts, cloud storage, safe deposit boxes or a whole host of other creative solutions that you might come up with.

The final recommended option is LessPass. LessPass is very interesting technology because it is a no-knowledge password manager. By inputting a few pieces of information, which could be a master password in conjunction with an e-mail address or user name, a password is automatically generated for any URL. It simply combines all of these pieces of information via PBKDF2 and SHA-256 to produce random yet consistent outputs for any of your web browsing. The advantage of this program is that it is extremely lightweight, and so long as you can remember your e-mail address, account name and master password, you can gain full access to everything around the internet without the need for any files. The downside is that you give up some level of control over password flexibility, since the passwords are automatically generated for you.
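The derivation described above, sketched as an added example that is not part of the original article and is not LessPass's own code. The salt layout, iteration count, character set and the `counter` parameter are assumptions made for illustration, so the output will not match what the real LessPass produces.

```python
import hashlib
import string

CHARSET = string.ascii_letters + string.digits  # 62 symbols (assumed character set)
ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_password(master: str, login: str, site: str,
                    counter: int = 1, length: int = 16) -> str:
    """Deterministically derive a site password; nothing is stored anywhere."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32")
    # The salt binds the output to one site, one login and one counter value.
    # Length-prefixing each field keeps ("ab", "c") distinct from ("a", "bc").
    salt = b"".join(
        len(part).to_bytes(2, "big") + part
        for part in (site.lower().encode(), login.encode(), str(counter).encode())
    )
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # Treat the 256-bit key as one big integer and peel off base-62 digits.
    number = int.from_bytes(key, "big")
    chars = []
    for _ in range(length):
        number, index = divmod(number, len(CHARSET))
        chars.append(CHARSET[index])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    master = "correct horse battery staple"
    login = "alice@example.com"
    for site in ("example.com", "example.org"):
        print(site, derive_password(master, login, site))
    # Bumping the counter rotates one site's password without changing the master.
    print("example.com (rotated)", derive_password(master, login, "example.com", counter=2))
```

Because every password is a pure function of the inputs, a weak or leaked master password exposes all of them at once, and changing the master password changes every derived password.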

To sum up these three options, BitWarden is the best overall password manager for most people’s use cases. Meanwhile, LessPass is probably best suited for the most casual user who has fewer accounts across the internet and wants something extremely simple and easy to use. Lastly, KeePassXC will be the ultimate in privacy password manager technology and is best suited for those who are prepared to take the extra steps to ensure their key file is kept up to date as the months and years tick by.

Best Practices With Your New Password Manager

Generally speaking, when choosing a password length in your password manager for standard and robust security, 25 random characters (letters, and symbols if you wish, but they aren’t necessary) is mostly considered to be uncrackable. This is because, while every password is in theory beatable, it takes dramatically more computational energy over time to figure out what your password is, and at some point it becomes unreasonable. That said, NSA-grade security often holds itself to 50 random characters, which is considered to be unbreakable even on a government-wide scale.

By that same token, you’ll have to use a master password for your password manager. Given that you only need to know one password, it is now extremely important to make this a very good password. Because a password that you need to remember most likely won’t (or perhaps shouldn’t) be completely random, so that it’s easy to remember, it should, at the very least, be long. I would suggest coming up with a master password that is at least 40 characters long or 125 bits of information. To check how many bits of entropy your master password has, you can type it into the password field of KeePassXC and it will tell you roughly how secure your master password is. While 40 characters may seem like a lot, do keep in mind that this is now the only gateway between yourself and all of your access keys to all of your accounts held on this account.

Bits of Entropy Example on KeePassXC

Finally, it is worth investing in a YubiKey or similar 2-FA device if you can get one. This can apply to BitWarden and KeePassXC. With the normal password managers, a hacker will need access to not only your password but also your key file in order to have free rein over all of your accounts. However, a sophisticated hacker who has full access to your device with a keylogger could ultimately, in theory, compromise your full setup, and this would be disastrous for you. Fortunately, this can be resolved by buying and activating a YubiKey or other such device. The YubiKey example requires that a YubiKey, with a private key that you set up for your password manager, is present to access your database. Therefore, even if a hacker were to obtain your key file and your master password, they still won’t be able to gain access to your account. As a precaution, however, if you lose access to your YubiKey and/or private key, you too will be locked out. Therefore, it is important to keep your YubiKey backed up and to keep extra copies available.

In Conclusion

Finally, while this article is current as of its writing, it will undoubtedly lose merit over time. Be sure to check that everything in this article is up to date and that any password manager you select from it continues development and continues to abide by proper best-practice principles.

If you enjoyed this article, we would encourage you to check out our other previous CryptoSmarts articles discussing private e-mails, secure messenger applications and proper web browsers.

Originally posted on MintDice.com.